)]}' { "log": [ { "commit": "1f789540bbe4bf94c4ccae795272703577ca586e", "tree": "2ecd2308e42e5f25e898f6901cd7562c3adad18a", "parents": [ "2b6dc312656035aedade6f368af1994bdb8b6021" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed May 22 14:01:50 2024 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Jun 12 10:00:40 2024 +0000" }, "message": "m/{node,proto}: implement Node Labels\n\nNodes can now have Labels attached to them. These are string key/value\ndata designed after Kubernetes labels. They are meant to be used to\nattach metadata to nodes, for example external IDs, nicknames or\ngeographical information.\n\nThis change implements just the core functionality: storing them within\netcd, retrieving them via management and curator APIs, and mutating them\nvia a new management RPC.\n\nFollowup changes will impelement provisioning labels at\nbootstrap/registration time and accessing label data from metroctl.\n\nChange-Id: I556b452a65061294e7c51037723a6db31d587716\nReviewed-on: https://review.monogon.dev/c/monogon/+/3101\nReviewed-by: Jan Schär \u003cjan@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "8456ddf02aea2e1015805f18ef1871812c5cb7f6", "tree": "7ea30de34d2ed42e2da1c044fb62576464b4e2cc", "parents": [ "7acd92dae19109fff8e6036d0a7fcd64aa1851c1" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Oct 30 18:56:59 2023 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Oct 30 22:12:01 2023 +0000" }, "message": "metropolis: implement node Deletion and framework for Decommissioning\n\nThis implements the basic ability to remove nodes from a cluster.\n\nWe prepare for a more complex workflow involving multi-sage\ndecommissioning, but first implement the \u0027worst case\u0027 workflow, in which\na node needs to be deleted if it hasn\u0027t been gracefully decommissioned.\nThis is what we currently need most in practice, as we have node\nfailures we\u0027d like to deal with.\n\nThe Delete functionality is still not fully complete though, as we\u0027re\nstill accepting client certificates from decommissioned nodes. But we\u0027ll\nfix that in an upcoming CR.\n\nChange-Id: I7322cb1464a9e5bc924363321534033dcc8a6246\nReviewed-on: https://review.monogon.dev/c/monogon/+/2270\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "35fcf0397be02883ace364e650b3e8d9a2281e24", "tree": "cb1297a2e4a34eeebb9faf09b44c3b95cf603f7f", "parents": [ "ad131883747f73e51526dd6f163df23b913f69ed" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jun 29 04:15:58 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jul 27 13:58:35 2023 +0000" }, "message": "metropolis: implement A/B updates\n\nThis implements an A/B update mechanism using two slots, A and B.\nThis is realized with two system partitions as well as two EFI\nloaders/kernels.\n\nThe A/B system relies on two EFI loader entries. This has the advantage\nthat there is no preloader required, which makes the system more\nreliable as well as avoiding the complexity of having an un-updatable\npreloader (CoreOS has this issue where their GRUB2 crashed booting newer\nkernels, sadly the issue seems lost with the migration to Fedora\nCoreOS). It also means that the operator can easily override the slot\nbeing booted via the boot loader entries. Primary disadvantage is that\nit relies on EFI working somewhat to spec.\n\nNew versions are booted into only once by setting NextBoot, if the\nbootup doesn\u0027t succeed, i.e. if the boot doesn\u0027t get to a cluster rejoin\nthe next boot will be the old slot. Once it gets to this stage the\npermanent BootOrder is changed.\n\nThe EFI loaders don\u0027t know if they are slot A or B because they are\nidentical and relying on OptionalData in the boot entry to indicate the\nslot means that if the EFI boot entries go away, recovering is very hard.\nThus the loaders look at their own file name to determine what slot they\nare in. If no slot could be determined, they default to booting slot A.\nIt is planned to eventually use Authenticode Stamping (passing data in\nfake certificates) to stamp the slot into the loader without affecting\nthe TPM hash logged.\n\nChange-Id: I40de2df8ff7ff660c17d2c97f3d9eb1bd4ddf5bc\nReviewed-on: https://review.monogon.dev/c/monogon/+/1874\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "b91938fe16d74272c14e13cad5c6bd8f82391bc4", "tree": "c70a0acf239851748611957bee9d0275740b56ed", "parents": [ "b40c008a6842a232c18b955375d4f1432b32cd53" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Mar 29 14:31:22 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Mar 29 17:18:22 2023 +0000" }, "message": "metropolis: stub out log service\n\nThe server side and client-side implementations are not quite ready yet,\nbut we\u0027re commiting this early so that we can start implementing more\nnode-local management RPCs.\n\nChange-Id: I81b615b0f77dc7750cc738d60ee4923c3182721b\nReviewed-on: https://review.monogon.dev/c/monogon/+/1429\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "bb2edbe8a69a04b0d72c5a565bdead5040959125", "tree": "3d9286bd95757222431a279db7e9fcb1b6238dfb", "parents": [ "83e8b6c897aaabb4230ae73a28bba0ed0aca039c" ], "author": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Wed Jun 08 11:57:09 2022 +0200" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Tue Jun 21 11:19:32 2022 +0000" }, "message": "m/n/c/curator: add Management.UpdateNodeRoles\n\nThis provides an API for node role adjustments.\n\nWhile changes to KubernetesWorker role are registered, not all side\neffects are accounted for as of now. Specifically, disabling this role\nwithin a node won\u0027t lead to its removal from the Kubernetes cluster.\n\nChange-Id: Ie8e65990108b8cf82afecf3374f40f2e857fa776\nReviewed-on: https://review.monogon.dev/c/monogon/+/767\nTested-by: Jenkins CI\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "fdc3a2473e4ebfd77db342252e1088882e01b2d6", "tree": "addfe894acce55d3088764cc49a6c1c3cee55573", "parents": [ "33ce3bcd5c4791cb66a3020b7792829c534c97c6" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Apr 06 15:56:38 2022 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Tue Apr 19 08:01:17 2022 +0000" }, "message": "third_party/go: fix `go mod tidy`\n\nThis makes our root repository somewhat more gomod-compliant, to the\npoint where we can run `go mod tidy` to manage dependencies.\n\nThe generated placeholder files turn their parent paths into enough of a\nGo package that the go tooling is appeased, but they are ignored by\nGazelle.\n\nIdeally, we will generate these placeholders automatically before\nrunning `go mod tidy` and gitignore them, but this will do as a first\npass.\n\nWe also remove some unused dependencies which got caught by `go mod\ntidy`.\n\nChange-Id: I81e7e92a45f22c8ef9c92207f67a5bd6cc773da5\nReviewed-on: https://review.monogon.dev/c/monogon/+/652\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "d13c1c64387ca9a83bb832a3faa5c4b07268d265", "tree": "0c0f534db4726e4400486aad25235e8c573d455e", "parents": [ "79a1a8f9dd49afe8e0a2364c4586b8f39525b204" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Mar 30 19:58:58 2022 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Apr 05 10:35:29 2022 +0000" }, "message": "treewide: switch to gomod and bump everything\n\nThis switches version resolution from fietsje to gomod and updates\nall Go dependencies. It also bumps rules_go (required by gVisor) and\nswitches the Gazelle naming convention from go_default_xxx to the\nstandard Bazel convention of the default target having the package\nname.\n\nSince Kubernetes dropped upstream Bazel support and doesn\u0027t check in\nall generated files I manually pregenerated the OpenAPI spec. This\nshould be fixed, but because of the already-huge scope of this CL\nand the rebase complexity this is not in here.\n\nChange-Id: Iec8ea613d06946882426c2f9fad5bda7e8aaf833\nReviewed-on: https://review.monogon.dev/c/monogon/+/639\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "1612d4b51f74e439d1efb4b8957d440d148035b7", "tree": "c69d3d08b638ed54ef938a97166893e7b9779cf5", "parents": [ "5b60e581bdc1cd420a281e3a110367e310337850" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Fri Nov 12 13:54:15 2021 +0100" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Mon Nov 22 11:18:43 2021 +0000" }, "message": "m/n/c/curator: implement Management.ApproveNode\n\nThis takes a node from NEW to STANDBY. This is the second-to-last\nstep requires in a node\u0027s regsitration flow.\n\nChange-Id: I88f9c7d2cd824c7d3182195b784a725ec9528d28\nReviewed-on: https://review.monogon.dev/c/monogon/+/442\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n" }, { "commit": "2893e980368c0bbb843aa422386462a964623b40", "tree": "0e95252b16a85991de6f0901bc7dcaf2ac566145", "parents": [ "96043bc1cb55b1271b21309b2011d64d2361a0fd" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Sep 09 13:06:16 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Tue Oct 05 17:29:42 2021 +0000" }, "message": "m/n/c/curator: add UpdateStatus\n\nThis implements Curator.UpdateStatus, which lets nodes self-report some\nstatus items. Currently this is their external IP address, which is\nneeded to generate a Cluster Directory which is in turn needed to\nregister into a cluster.\n\nChange-Id: Ib5464ca78ee3466d9b9f89b7af8b40f613ae8dcc\nReviewed-on: https://review.monogon.dev/c/monogon/+/332\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "d7d6e0284de38cbeeb185ca17c0853b4b2c10ee9", "tree": "37e0b443caf904f0b78d423ba6580c1416f5bc11", "parents": [ "9ffa1f9577003ab70a6b483475874f3552d1ccc3" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Sep 01 15:03:06 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Fri Sep 03 11:15:40 2021 +0000" }, "message": "m/n/core/rpc: create library for common gRPC functions\n\nThis is the beginning of consolidating all gRPC-related code into a\nsingle package.\n\nWe also run the Curator service publicly and place it behind a new\nauthorization permission bit. This is in preparation for Curator\nfollowers needing access to this Service.\n\nSome of the service split and authorization options are likely to be\nchanged in the future (I\u0027m considering renaming Curator to something\nelse, or at least clearly stating that it\u0027s a node-to-node service).\n\nChange-Id: I0a4a57da15b35688aefe7bf669ba6342d46aa3f5\nReviewed-on: https://review.monogon.dev/c/monogon/+/316\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "9ffa1f9577003ab70a6b483475874f3552d1ccc3", "tree": "a688d02424e8601ed830d12021b5867688d31438", "parents": [ "6bd415920b84bd695038caeb386f1e97184f0c51" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Sep 01 15:42:23 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Thu Sep 02 10:38:15 2021 +0000" }, "message": "m/n/core/curator: authenticated RPC\n\nThis adds authentication middleware (server interceptors) for gRPC\nservices running on the public curator listener.\n\nMost of this code is testing harnesses to start up just the curator\nlistener with enough of a PKI infrastructure copy from a real Metropolis\ncluster to be able to start running tests against GetRegisterTicket.\n\nChange-Id: I429ff29e3c1233d74e8da619ddb543d56bc051b9\nReviewed-on: https://review.monogon.dev/c/monogon/+/311\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" } ] }